WordPress News

What is WordPress Multisite

What is WordPress Multisite and Who Should Use It?

By Adam Warner

In this post, we’re going to look at the Multisite feature of WordPress. We’ll learn what it is, when to use it, and when not to use it. We’ll also cover a few important best practices to keep in mind when running WordPress Multisite.

When you enable Multisite in WordPress, you have the ability to create a network of individual WordPress sites on a single installation of the software. Enabling, configuring, managing, and growing a WordPress Multisite-powered website is not for novice users, but depending on the goals of your business, it just might be the perfect solution.

Tags:   multisite, network
Categories:  WordPress
WordPress Speed Optimization

10 WordPress Website Performance Best Practices

By Logan Kipp

If you’re reading this article, it’s almost certainly not the first website performance article you’ve browsed. Let’s be honest, practically everyone has an opinion on the matter and you would probably deforest half the Amazon rainforest if you tried to print each article you’ve come across. Since we all want to save the habitat of the endangered Amazonian Wapuu and skip the conjecture, I’d like to share with you my 10 WordPress website performance best practices that provide gains you can actually measure.

Tags:   best practices, CDN, database, http/2, performance, requests, WordPress
Categories:  WordPress, WordPress security
How to Install and Configure the SiteLock Plugin for WordPress

How to Install and Configure the SiteLock Plugin (Video Tutorial)

By Adam Warner

In our previous Beginners Guide to the SiteLock Plugin for WordPress, we showed you the benefits of proactively preventing malware and hacking attempts on your WordPress website. In this video, you’ll exactly how to install and configure our plugin and connect it to an existing (or new) SiteLock account.

Tags:   plugin, security, tutorial
Categories:  WordPress
WordCamp Jacksonville 2017

WordCamp Jacksonville – A True All Things WordPress Conference

By Adam Warner

Last week I attended and spoke at the second annual WordCamp Jacksonville. It was my first time attending this camp and it didn’t disappoint. As the title of this post suggests, it seemed there was something for every type of WordPress user, and that’s not always an easy feat to achieve.

Tags:   database, jacksonville, keiser university jacksonville, malware, wp-cli
Categories:  WordCamp
SiteLock Threat Intercept blog

Threat Intercept: Malvertising via JavaScript Redirects

By Michael Veenstra
This article was co-authored by Product Evangelist Logan Kipp.

THREAT SUMMARY

High Threat
Threat Bar Graphic
Learn More

Category: Malvertising / Malicious Redirect

Trend Identified: 5/17/2017

CVE ID: N/A

Trend Name: Trend El Mirage

Vector: Application Vulnerability, Multiple

The threat rating was determined using the following metrics:

Complexity:

MEDIUM: The vector used to infect websites appears to be through the use of leaked compromised passwords.

Confidentiality Impact:

HIGH: This infection provides complete control of the target website, including database content.

Integrity Impact:

HIGH: This infection provides the adversary administrator-level access to impacted website applications, making total data loss a possibility.


The SiteLock Research team has identified a trend of JavaScript injections causing the visitors of affected websites to be automatically redirected to advertisements without the knowledge of the website owner.

This infection impacts WordPress sites across all versions, but the affected websites identified at this time all show evidence of recent infection by a fake WordPress plugin that performed malicious redirects as well. The previous infections were determined to have been distributed via a botnet using a database of leaked login credentials, suggesting this new attack may similarly be accessing sites via compromised WordPress administrator credentials.

 

The malicious code becomes embedded into existing JavaScript files in the affected sites, ensuring that the code will be executed in visitors’ browsers regardless of their activity on the site.

The code as it appears in the injected files is obfuscated, which means it’s written in a way that makes it difficult for humans to read. This is the malicious script as it appears in the affected files:

Obfuscated JavaScript responsible for malicious redirects.

After decoding this file, we are able to determine the specifics of how it behaves:

Decoded Malvertisement Malware

Decoded and formatted version of the injected JavaScript.

The redirect takes place immediately after loading a page including the infected JavaScript, after which a cookie is stored in the visitor’s browser called “csrf_uid” that expires three days after being created. The naming of this cookie is an attempt to hide in plain sight, as CSRF (Cross-Site Request Forgery) protection cookies are commonplace in many websites across the internet. While the cookie is active, no further redirects will take place. This provides two benefits to the attacker. First, the ad network will be less likely to identify suspicious behavior and flag the attacker’s account. Secondly, it makes the redirects more difficult to identify and duplicate by the sites’ owners and administrators, decreasing the likelihood that the specific infection will be identified and removed.


Cookies are pieces of data that websites store in your browser for later use. Sites use cookies for a number of legitimate reasons, from storing login sessions to analytics of how users are browsing the site.

Fortunately, despite the nature of these redirects, no malicious activity has been identified in the advertisements themselves, meaning a system infection occurring after these redirects is unlikely.

Because the attack vector of this infection appears to be leaked login credentials from unrelated data breaches, it is very important to ensure that strong password policies are in place on your site. Avoid using the same password across multiple locations to prevent one service’s breach from exposing your accounts elsewhere. If you determine that your data has been part of a publicized breach, change your passwords immediately. Also, consider using a breach checker to identify if your email address has been associated with any public data breaches in the past, as this would be a major indicator that password changes will be necessary for your accounts.

If you are a website owner and you believe your website has been impacted by this infection, contact SiteLock as soon as possible at 855.378.6200. Our SMART scan began rapidly identifying and cleaning instances of this infection within 24 hours of being initially identified.

Tags:   malvertising, malware, redirect, threat intercept
Categories:  WordPress security

How a Self-Published Author Turned to SiteLock to Save his Website [Case Study]

By Stacey Todd

Overview

Bill Kasal is a retired award-winning TV, video and radio producer. With over 25 years of experience, he has held many impressive roles including; Program Director and co-host for the Coachella Valley’s highest rated morning radio show, Executive Marketing Director for another, and Executive Producer for a seven-part PBS Series. After winning countless awards for television programs for nonprofit organizations, Kasal has turned his focus to writing books.

Kasal is the author of seven self-published books on Amazon. His writings cover a wide range of topics, including observations on daily life, family, recipes, humor, and his experiences as a reserve police officer. To share his stories and promote his books, Kasal relies heavily on his WordPress blog, billkasal.com.

Kasal started his blog in 2010, and not only uses it as an outlet for his writing, but also as a way for his site visitors to find his Amazon Author Page. “My blog has an active following, and my visitors reference it regularly to stay updated on my upcoming book launches,” Kasal says.

Tags:   case study, malware, malware removal, SiteLock, WordPress
Categories:  SiteLock Reviews
WordCamp crowd

This is the Best Part of a WordCamp

By Adam Warner

When I attended my first WordCamp in 2011, I instantly fell in love with these events. Over the past year and a half, I’ve been fortunate to attend 29 different WordCamps around the world, and have learned so much from each and every one. In this time, I’ve realized what the absolute best part about any WordCamp is, and it’s my pleasure to share that with you.

Although there is a “best thing” about WordCamps (in my opinion), there are so many great things that should also be included here.

An Inexpensive Opportunity to Learn

SiteLock at WordCamp Atlanta

WordCamps are volunteer led and locally organized events. Each one is created by the community, for the community. The WordPress community is like no other I’ve been involved with. It’s open and collaborative with the goal to openly share knowledge in order to elevate attendee skills and understanding of the web publishing space.

WordCamps are in part funded by sponsors. There are global sponsors (SiteLock included), and many sponsors who are local to the event location. It’s an opportunity for companies and individuals to get their brand in front of attendees, but more than that, it’s a great way to give back to the WordPress project in a meaningful way.

Because sponsors donate their time and money, that means WordCamps can keep ticket costs low, usually in the $35 to $40 range. The affordable price tag makes these events accessible to more people than a traditional trade show or event where admission can cost hundreds and even thousands of dollars.

Shared Knowledge, Experience and Partnerships

WordCamp Europe Hallway Track

If you went to a trade show that included mostly local businesses, many with competing products and services, would you expect that they would share their best advice for acquiring and managing their customers? Probably not. But this is exactly what happens at a WordCamp.

I’ve seen premium plugin business owners discussing their revenue details. I’ve seen hosting companies commiserating on technical challenges and how they have approached a solution. I’ve seen two real estate website development agencies sharing how they acquire customers.

Similar to the mission of WordPress, Democratizing Publishing, the official WordCamp mission statement might as well be Elevating Each Other. Of course, it’s not all altruistic either. There are business partnership opportunities to be explored and agreed upon during WordCamps too, and this happens regularly. Whether it’s between two developers who team up to start an agency, or between larger companies finding a mutually beneficial subject to offer together.

The Session Topics

Best Thing About WordCamps - Asheville

And now we’re getting closer to the meaning behind the title of this post. Every WordCamp session I’ve attended has been something useful, relevant and actionable. No matter whether you’re a blogger, designer, developer, business owner or a combination of these, there is always useful insight being shared by speakers that attendees can take away and implement for their own WordPress journeys.

Not only are the scheduled sessions always packed with useful information, but so are the conversations you have with others in the Hallway Track. If you’re not familiar, the Hallway Track is a term used to describe the conversations and knowledge sharing that occur during and after WordCamp sessions. All of this leads me to the best part of a WordCamp…

The People

Best Thing About WordCamps - The People

The individual people that plan, organize, sponsor, and attend are the best part of any WordCamp. For the most part, there is a similarity between people who are involved in WordPress, and especially so with people who get involved with WordCamps. The common denominator is that they are all genuinely nice people.

I have no scientific data to prove this niceness, of course, it’s my own generalization. Even more than this, people at WordCamps are eager to learn and are even more eager to connect deeply with others who share the same passion for building the web that creates real and lasting relationships.

 

Tags:   hallway track, people, relationships
Categories:  WordCamp
Password Zero Day

Zero Day Vulnerability in WordPress Password Reset

By Wyatt Morgan

This week an unpatched vulnerability in WordPress was disclosed by security researcher Dawid Golunski that could potentially allow an attacker to reset admin passwords. This vulnerability impacts most versions of WordPress, including the current release 4.7.4.

Tags:   vulnerability, WordPress, zero day
Categories:  Website Security, WordPress, WordPress security

How to Keep Your Dashboard Green

By Logan Kipp

The SiteLock Dashboard is designed to deliver a concise report of your website security status at-a-glance. We’ve incorporated a color-coded light system that is so easy to understand, your eyes won’t need more than two tenths of a second to discern the color of your SiteLock status light. If you’re not familiar with the definitions of the three traffic light settings, I sometimes like to explain these using what I call the beach martini rule. I tend to picture our customers relaxing on the beach, unwinding and sipping a martini because they know SiteLock has their back. At about the  point where it’s a good time to reapply your sunscreen, you also take a quick glance at your site status before sinking back into your lounge chair.

SiteLock Dashboard Green LightGreen – The coast is clear, no action is required at this time. Re-apply your sunscreen and order yourself another martini.

SiteLock Dashboard Yellow LightYellow – Action is required to resolve a non-critical item. When you’re done soaking up the rays for the day, go ahead and take a look at what needs your attention.

SiteLock Dashboard Red LightRed – Action is required on a critical item. Let’s go ahead and set that martini down and take a look at what’s going on.

Tags:   account management, alerts, dashboard, malware, SiteLock, vulnerability
Categories:  Website Security, WordPress security
SiteLock Threat Intercept blog

Threat Intercept: Passwords Publicly Exposed by Malware

By Ramuel Gall
This article was co-authored by Product Evangelist Logan Kipp.

THREAT SUMMARY

High Threat
Threat Bar Graphic
Learn More

Category: Shell / Information Disclosure

Trend Identified: 4/20/2017

CVE ID: N/A

Trend Name: Trend Tusayan

Vector: Application Vulnerability, Multiple

The threat rating was determined using the following metrics:

Complexity:

LOW: The vectors used to infect websites appear to be well-documented vulnerabilities in older versions of website platforms.

Confidentiality Impact:

HIGH: This infection provides complete control of the target website, including credential disclosure and database contents.

Integrity Impact:

HIGH: This infection provides the adversary administrator-level access to impacted website applications, making total data loss a possibility.

The SiteLock team has discovered a dangerous malware trend that not only provides website administrator level access to the bad actors involved, but exposes sensitive website credentials publicly over the internet.

Tags:   cpanel, idx shell, Joomla!, magento, malware, password, shell, threat intercept, trend, vulnerability, WordPress
Categories:  Website Security, WordPress, WordPress security